Platform
other
Component
yordam-library-automation-system
Fixed in
21.7
CVE-2025-10439 describes a SQL Injection vulnerability discovered in the Yordam Library Automation System. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to the database and compromising sensitive information. The vulnerability impacts versions 21.5 and 21.6 of the system, and a patch is available in version 21.7.
Successful exploitation of CVE-2025-10439 could allow an attacker to bypass authentication mechanisms, directly accessing and manipulating the underlying database. This could lead to the theft of sensitive data such as user credentials, library records, and financial information. Furthermore, an attacker could potentially modify data, leading to data corruption or denial of service. The blast radius extends to all data stored within the Yordam Library Automation System database, making it a high-impact vulnerability.
CVE-2025-10439 has been publicly disclosed. While no active exploitation campaigns have been confirmed, the CRITICAL severity and the ease of SQL Injection exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code may emerge, increasing the risk of widespread exploitation.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-10439 is to upgrade to version 21.7 of the Yordam Library Automation System, which includes the necessary fix. If an immediate upgrade is not possible, consider implementing temporary workarounds such as input validation and parameterized queries on the application layer. While not a complete solution, these measures can reduce the attack surface. Review and restrict database user permissions to limit the potential damage from a successful injection. After upgrade, confirm the vulnerability is resolved by attempting a SQL injection attack on a non-critical endpoint.
Update Yordam Library Automation System to version 21.7 or higher. This update fixes the SQL injection vulnerability. See the vendor security advisory for more details about the update.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-10439 is a critical SQL Injection vulnerability affecting Yordam Library Automation System versions 21.5 and 21.6, allowing attackers to potentially access and manipulate the database.
If you are using Yordam Library Automation System versions 21.5 or 21.6, you are affected by this vulnerability. Upgrade to version 21.7 to mitigate the risk.
The recommended fix is to upgrade to version 21.7 of the Yordam Library Automation System. If immediate upgrade is not possible, implement temporary workarounds like input validation.
While no active exploitation campaigns have been confirmed, the CRITICAL severity suggests a high probability of exploitation. Monitor your systems closely.
Refer to the official Yordam Informatics website or security advisories for the most up-to-date information and guidance regarding CVE-2025-10439.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.